[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

On Fri, May 30, 2014, at 11:29 PM, Michael Stone wrote:
> On Fri, May 30, 2014 at 11:25:58PM +1000, Alfie John wrote:
> >Well yes, that's something. But serving Debian over HTTPS would prevent
> >the need for this.
> No, it wouldn't--you'd just have a different set of problems. Given that 
> mirrors are distributed, it would probably be much more likely that 
> you'd improperly rely on a compromised mirror simply because it's 
> serving files via https.

If the fingerprints where on a canonical Debian server (aka non-mirror)
being served over HTTPS, then I would be happy with that too.


  Alfie John

Reply to: